VulnHub

The UK government's National Cyber Security Centre (NCSC) has issued a warning about ongoing Distributed Denial of Service (DDoS) attacks carried out by Russia-linked hacktivists. These attacks are targeting critical infrastructure and local government systems across the UK. The NCSC's alert, released on January 19, 2026, emphasizes the potential disruption these attacks can cause, putting essential services at risk. The government urges organizations to bolster their defenses against such incidents, highlighting that the threat remains persistent. This situation is particularly concerning as it could impact public safety and the functionality of vital services during times of crisis.

The U.K. government has issued a warning about ongoing attacks from Russian-aligned hacktivist groups that are targeting the country's critical infrastructure and local government entities. These attacks primarily involve disruptive denial-of-service (DDoS) tactics, which can overwhelm systems and render them inoperable. As these groups continue their campaigns, organizations may face significant operational challenges and potential data breaches. It’s crucial for affected entities to bolster their cybersecurity measures to mitigate the risks associated with these aggressive actions. The situation highlights a growing trend of politically motivated cyberattacks that can impact essential services and public safety.

The activist website ICE List, which published personal information of U.S. Immigration and Customs Enforcement (ICE) agents, was taken offline after a significant distributed denial-of-service (DDoS) attack. This incident occurred shortly after the release of a list containing the names of 4,500 federal agents, which was linked to a shooting involving Renee Nicole Good. The DDoS attack effectively crippled the site, preventing access for users. This incident raises concerns about the safety of law enforcement personnel whose information has been exposed and the potential for further attacks on similar activist platforms. It highlights the ongoing tensions between activists and law enforcement agencies, especially in the context of online privacy and security.

A website associated with a data breach at the Department of Homeland Security is currently facing a distributed denial-of-service (DDoS) attack, reportedly orchestrated through Russian servers. This attack is aimed at a site linked to the leaked personal information of ICE agents, putting these individuals at risk of harassment or further exposure. The breach not only affects the privacy and security of those named but also raises concerns about the overall security of sensitive government data. The incident highlights ongoing tensions and the potential for cyber warfare, as attackers exploit vulnerabilities for political or social motives. As investigations continue, the implications for national security and the safety of federal agents remain significant.

Lumen's Black Lotus Labs has successfully disrupted a significant portion of the AISURU and Kimwolf botnet by blocking over 550 command-and-control (C2) servers. This botnet is notorious for facilitating DDoS attacks and proxy abuse, acting as a DDoS-for-hire service that has been used to target various organizations. By taking these C2 servers offline, Lumen aims to reduce the operational capabilities of this botnet, which has been a persistent problem for cybersecurity professionals. The disruption not only impacts the botnet operators but also helps protect potential victims from being targeted in future attacks. This action underscores the ongoing battle against cybercrime and highlights the importance of proactive measures in cybersecurity.

The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.

The Kimwolf Android botnet has expanded significantly, now comprising around 2 million devices. This botnet primarily targets residential proxy networks, allowing its operators to profit through various means, including launching Distributed Denial of Service (DDoS) attacks, installing applications without user consent, and selling proxy bandwidth. The growth of this botnet poses serious risks to users, as it can lead to unauthorized use of their devices and potential data breaches. It also raises concerns for internet service providers and businesses that may be targeted by DDoS attacks. The situation highlights the ongoing challenges in securing IoT devices and the need for users to be vigilant about their device security.

On Monday, the French national postal service, La Poste, experienced a significant disruption due to a Distributed Denial of Service (DDoS) attack. The attack caused central computer systems to go offline, impacting operations across the postal service. Pro-Russian hacker groups have claimed responsibility for the incident, raising concerns about the motivations behind such attacks amid ongoing geopolitical tensions. This incident not only disrupts postal services but also highlights the vulnerability of critical infrastructure to cyber threats. As La Poste works to restore services, this event serves as a reminder of the increasing frequency and severity of cyberattacks targeting essential services.

The French postal service, La Poste, has been facing significant disruptions due to a major DDoS (Distributed Denial of Service) attack. This incident, which occurred just before Christmas, has rendered their online services largely inaccessible, impacting both customers and businesses that rely on postal services during the holiday season. La Poste acknowledged the situation and described it as a 'major network incident.' As the postal service works to restore functionality, users may experience delays and challenges in sending and receiving packages, which is particularly concerning during this busy time of year. The attack raises important questions about the security of critical infrastructure and the potential for further disruptions in similar sectors.

The Kimwolf Android botnet has been discovered infecting over 1.8 million devices, according to security researchers at XLab. This botnet, which is linked to the previously identified Aisuru botnet, has been responsible for sending more than 1.7 billion commands for Distributed Denial of Service (DDoS) attacks. The scale of these attacks is significant, raising concerns about the potential for disruption to various online services. The fact that millions of devices are compromised highlights the ongoing vulnerability of Android systems to malware. Users should be cautious and consider securing their devices to prevent further infections and attacks.

A new botnet named Kimwolf has compromised around 1.8 million Android-based devices, including TVs, set-top boxes, and tablets. Researchers from QiAnXin XLab report that this botnet may be linked to another one known as AISURU. Kimwolf is built using the Native Development Kit (NDK), which allows attackers to control these devices and use them for large-scale distributed denial-of-service (DDoS) attacks. This incident raises concerns about the security of smart devices, as many consumers may not realize their equipment can be hijacked in this way. Users of affected devices should be vigilant and consider measures to secure their systems against such threats.

The article discusses a record-breaking DDoS attack powered by the Aisuru botnet, which peaked at 29 Tbps. Cloudflare successfully mitigated this attack, highlighting the growing severity of DDoS threats and the need for robust cybersecurity measures.

Cloudflare's Q3 2025 DDoS Threat Report highlights the unprecedented scale of a DDoS attack launched by the Aisuru botnet, reaching 29.7 Tbps. This surge in attacks indicates a growing threat landscape, particularly affecting critical sectors and emphasizing the need for enhanced cybersecurity measures.

Cloudflare has reported the largest DDoS attack ever recorded, reaching 29.7 Tbps, attributed to the AISURU botnet, which has been linked to multiple significant attacks over the past year. This incident underscores the growing threat posed by botnets and the need for robust cybersecurity measures to mitigate such high-volume attacks.